Release date:
Updated on:
Affected Systems:
Openstack Neutron
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67012
CVE (CAN) ID: CVE-2014-0187
OpenStack Neutron is a network-as-a-service project between Interface Devices managed by the Openstack service.
OpenStack Neutron has a security vulnerability in processing security group rules with invalid CIDR. authenticated users can use this vulnerability to interrupt the openvswitch-agent process and prevent other rules from being applied to the host.
<* Source: Stephen Ma (HP)
Link: https://bugzilla.redhat.com/show_bug.cgi? Id = 1090132
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Openstack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://lists.openstack.org/pipermail/openstack-announce/
Https://review.openstack.org/59212
Https://review.openstack.org/88674
Https://review.openstack.org/88057